Thursday, May 28, 2009

Apache 1.3 and 2.0 Flood/DoS/DDoS Protection with mod_dosevasive (Avoiding Denial of Service Attacks)

With the widespread infection of many computers with viruses, and the ever increasing number of Botnets, DoS and DDoS attacks can be quite frequent and can very easily bring a website to halt for days. This article provides a module solution for apache to help mitigate small http DoS and DDoS attacks.

- DOSHashTableSize: is the size of the table of URL and IP combined- DOSPageCount: is the number of same page requests from the same IP during an interval that will cause that IP to be added to the block list.- DOSSiteCount: is the number of pages requested of a site by the same IP during an interval which will cause the IP to be added to the block list. - DOSPageInterval: is the interval that the hash table for IPs and URLs is erased (in seconds) - DOSSiteInterval: is the intervale that the hash table of IPs is erased (in seconds) - DOSBlockingPeriod: is the time the IP is blacked (in seconds) - DOSEmailNotify: can be used to notify by sending an email everytime an IP is blocked- DOSSystemCommand: is the command used to execute a command when an IP is blocked. It can be used to add a block the user from a firewall or router. - DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1

Although mod_dosevasive can be quite effective in some cases, in others it can cause more problems by blocking non-offending IPs.